CVE-2025-31324

The repository contains a scanner for CVE-2025-31324, a critical SAP NetWeaver vulnerability. It checks for vulnerability presence and known webshells but does not include exploit code.

This PoC exploits a deserialization vulnerability in SAP NetWeaver to achieve remote code execution (RCE) by uploading a malicious ZIP file containing a crafted .properties file. The exploit can execute arbitrary commands or drop a JSP shell on the target system.

This repository contains a scanner tool for detecting CVE-2025-31324, a critical vulnerability in SAP NetWeaver AS Java's Visual Composer Metadata Uploader. It checks for vulnerability indicators and known webshells but does not include exploit code.

This repository contains a Python-based tool developed by Onapsis and Mandiant to assess vulnerabilities and potential compromises related to CVE-2025-31324 and CVE-2025-42999 in SAP NetWeaver Java systems. It scans for vulnerable components, indicators of compromise (IOCs), and suspicious files, while also analyzing logs for exploit activity.

This repository contains a Python-based exploit for CVE-2025-31324, targeting SAP NetWeaver. The script scans for open ports, uploads a JSP shell, and verifies its execution by sending a test command.

The repository contains detailed technical writeups for multiple CVEs, including CVE-2025-31324, with descriptions, PoC examples, and mitigation recommendations. It does not include functional exploit code but provides in-depth analysis of vulnerabilities.

This repository contains a functional PoC for CVE-2025-31324, an unauthenticated file upload vulnerability in SAP NetWeaver Visual Composer Metadata Uploader. It includes scripts for endpoint discovery, payload upload, and optional trigger execution.

This repository provides a Nuclei template for detecting SAP NetWeaver Application Server instances potentially vulnerable to CVE-2025-31324 by examining HTTP response headers. It does not include an exploit but serves as a detection method.

This PoC exploits CVE-2025-31324 in SAP NetWeaver by uploading a malicious JSP shell via the MetadataUploader endpoint, achieving remote code execution. It tests multiple upload methods and probes for the shell's accessibility.

This is a functional exploit for CVE-2025-31324, an unrestricted file upload vulnerability in SAP NetWeaver AS Java Visual Composer. It allows unauthenticated remote code execution by uploading a malicious JSP file via a crafted ZIP payload.

This is a Nuclei template designed to check for the presence of CVE-2025-31324 in SAP NetWeaver, which involves unauthorized JSP file uploads leading to potential RCE. The template is a detection tool rather than a full exploit.

This repository contains a Python-based scanner for detecting CVE-2025-31324 in SAP Visual Composer systems and identifying known malicious JSP files. It checks for vulnerable endpoints and scans for IOCs.

This repository contains a scanner tool designed to detect JSP-based webshells by searching for suspicious code patterns commonly associated with exploitation of SAP NetWeaver CVE-2025-31324. It includes both PowerShell and Bash scripts for recursive scanning of .jsp files.

This repository contains a Python-based proof-of-concept exploit for CVE-2025-31324, an unauthenticated file upload vulnerability in SAP NetWeaver Visual Composer. The exploit allows arbitrary file uploads, including JSP web shells, and includes features for OAST-based vulnerability checks and direct exploitation.

This repository contains a Python-based PoC for CVE-2025-31324, an unauthenticated file upload vulnerability in SAP NetWeaver Visual Composer Metadata Uploader. The script allows uploading arbitrary files (e.g., WAR/JAR) and optionally triggering them via HTTP GET.

This repository contains a Nuclei template for detecting CVE-2025-31324, a vulnerability in SAP software. The template is designed to validate the presence of the vulnerability by scanning target URLs or a list of targets.

This repository contains a Flask application with an intentionally vulnerable file upload endpoint that allows arbitrary Python file execution, leading to remote code execution (RCE). The PoC includes a reverse shell script (`rev.py`) and setup scripts for establishing a persistent SSH connection.

This PoC exploits CVE-2025-31324, an arbitrary file upload vulnerability in SAP NetWeaver Visual Composer Metadata Uploader <= 7.50. It sends a POST request to upload a local file to the vulnerable endpoint.

This PoC exploits an unauthenticated file upload vulnerability in SAP NetWeaver Visual Composer via the `/developmentserver/metadatauploader` endpoint, allowing arbitrary file uploads that could lead to RCE.

This is a Burp Suite extension designed to detect CVE-2025-31324, a critical vulnerability in SAP NetWeaver Visual Composer’s Metadata Uploader component. It actively scans by attempting a benign file upload to the `/developmentserver/metadatauploader` endpoint and checks for indicators of successful upload.

This repository contains a scanner for detecting CVE-2025-31324, an unauthenticated file-upload vulnerability in SAP NetWeaver Visual Composer. The tool checks for vulnerability status and known webshells but does not include exploit functionality.